Fake Extension Fiasco: $500,000 Crypto Heist Highlights the Dangers of Malicious IDE Plugins

A fake extension for the Cursor AI IDE, posing as a helpful tool, swindled a Russian crypto developer out of $500,000. It quietly installed the ScreenConnect remote-access tool, granting cybercriminals full control of the machine. Kaspersky advises developers to double-check extensions before installing them, as even an innocent-looking download can lead to a wallet-draining adventure.

Hot Take:

Turns out, even your cursor can be a little too eager to help itself… to your cryptocurrency! Forget about the dog eating your homework; now the mouse is eating your crypto. It’s a lesson in why you should never let a fake extension get too attached to your computer, lest it become your new unwanted roommate.

Key Points:

  • A malicious extension posing as a Solidity language tool targeted the Cursor AI IDE code editor.
  • The fake tool led to the theft of $500,000 in cryptocurrency from a Russian developer.
  • It used a PowerShell script to install remote access tools and infostealers on victim devices.
  • The bogus extension amassed 54,000 downloads before removal, with a successor reaching nearly two million.
  • Kaspersky warns of the dangers of downloading from open repositories due to malware risks.

The Nimble Nerd